1.888.749.9800

Blog

Most Commonly Overlooked Components of Operational Security

I was recently asked to comment on the most commonly overlooked components of operational security. To get the correct answer, sometimes it helps to take a step back and make sure you are asking the right question. The question should be “How do you ensure that your security program satisfies your operational security requirements?” With that question, […]

By |September 5th, 2017|Blog, ISO 27002|Comments Off on Most Commonly Overlooked Components of Operational Security
  • Permalink Gallery

    What role should security analytics play in information security programs today?

What role should security analytics play in information security programs today?

No one can argue that analyzing the security state of your IT environment (in a comprehensive and integrated manner) and taking proactive measures to prevent security incidents is the right way to manage an IT operation.  

The problem with Security Analytics isn’t a failure of vision; everyone agrees that we should be able to take […]

By |August 17th, 2017|Blog|Comments Off on What role should security analytics play in information security programs today?
  • Permalink Gallery

    The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources

The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources

Our electric grid is comprised of generation facilities, high voltage transmission networks, substations, renewable point generation sources, and low voltage distribution networks.

Protecting the electric grid from cyber-attacks is complicated by its enormous scale – upwards of 7,000 power plants, more than 150,000 miles of high voltage transmission lines, and more than 50,000 substations. Some are […]

By |August 1st, 2017|Blog, Security Breach|Comments Off on The Future of Our Energy Grid: Vulnerabilities as it Shifts from Fossil Fuels to Renewable Sources
  • Permalink Gallery

    The Best IT Security Policies Reflect the Value of Simplicity

The Best IT Security Policies Reflect the Value of Simplicity

90 percent of what we do to help people get better security is focusing on straight-forward common sense and having consistent policies and procedures.

To be good at what we do, we always work to make things as simple as possible for our customers because we recognize human behavior, and it is so much easier to remember and do simple […]

By |July 17th, 2017|Blog, Security Breach|Comments Off on The Best IT Security Policies Reflect the Value of Simplicity

What Comes First, the 27001 or the 27002 ISO Standards?

There is something quirky about the 27000 series of standards published by the International Organization for Standardization (ISO).

Perhaps it is presented deliberately this way as a lesson in due diligence. Perhaps it is just a random error. But the standards are in the wrong numerical order. Judging from our interactions with company IT organizations, this […]

By |June 8th, 2017|Blog, ISO 27002|Comments Off on What Comes First, the 27001 or the 27002 ISO Standards?

Tips to Protect Against Ransomware

Following the Wannacry outbreak, we were reading about another attack, called Adylkuzz. Both cyberthreats rely on a Windows bug that was patched on March 14 and only affect PCs that haven’t installed the latest version of Microsoft’s software updates.

In light of this news, I thought it would be timely to talk about some common sense recommendations […]

By |May 22nd, 2017|Blog, Security Breach|Comments Off on Tips to Protect Against Ransomware

Disaster Recovery & Cybersecurity

I’d like to share answers to questions recently asked about disaster recovery.

1. What advice would you give to tie cybersecurity protection and IT disaster recovery together for business continuity?

There are a number of activities performed by the IT operational group within an organization that deal with Disaster Recovery. They include performing data backups, using primary/backup datacenters, and […]

By |May 9th, 2017|Blog, Security Breach|Comments Off on Disaster Recovery & Cybersecurity

Tips to Prevent Online Identity Theft

There are few new trends in online identity theft, although some attacks are becoming more sophisticated, the basic steps to prevent exploits remains the same.

Be on the lookout for attacks that use broken English in the message body. While most now use proper English and use the same style and logos that are used by […]

By |April 24th, 2017|Blog, Security Breach|Comments Off on Tips to Prevent Online Identity Theft

Network Access Control (NAC)

Controlling access to the network is fundamental security control. For shared networks, the capability of users to connect to the network should be restricted. Well known security frameworks such as ISO 27002, Information technology – Security techniques – Code of practice for information security management, includes this control as a recommendation. And the […]

By |April 11th, 2017|Blog, ISO 27002, Uncategorized|Comments Off on Network Access Control (NAC)
  • Permalink Gallery

    Some Basic but Effective Advice for Secure Online Transactions

Some Basic but Effective Advice for Secure Online Transactions

Just about everybody shops online these days. Even so, many people worry about security issues and fraud.  I was recently asked if I could share some high-level tips and best practices for online transactions. Here is what I recommend:

  1. Try to consolidate all online purchases onto a single credit or debit card.  That way, you […]
By |March 10th, 2017|Blog|Comments Off on Some Basic but Effective Advice for Secure Online Transactions

How Big an Issue is Security; How can it be Addressed?

Other than the technology itself of an IoT device and the service it provides, the single most important characteristic that will define either success or failure, no matter what the size of the business, will be the security of that device.

The IoT is only in its infancy and yet there have already been an alarming […]

By |March 6th, 2017|Blog, Security Breach|Comments Off on How Big an Issue is Security; How can it be Addressed?

Impact of a Data Breach on a Small Business

While our main focus is as a provider of IT compliance and security consulting services, we have been called in to help a few small businesses handle security incidents and data breaches. These calls come to us after the client has discovered there’s been a security incident or data breach and as a result is seeking to […]

By |February 20th, 2017|Blog, Security Breach|Comments Off on Impact of a Data Breach on a Small Business

Importance of Following IT Security Policies

Just as in the 1980s when manufacturing companies recognized that quality was an attribute that had to baked into every facet of an organization (from design, production, delivery, and through product lifecycle), not inspected in at the end of the process, effective cyber security depends on every employee playing a part in keeping the enterprise secure.

The most sophisticated and […]

By |February 6th, 2017|Blog|Comments Off on Importance of Following IT Security Policies

IoT Security Nightmares

At the same time that consumers and manufacturers are getting excited about the potential opportunities, capabilities, and revenue that the Internet of Things (IoT) enhanced devices can offer, many are already starting to understand the frightening lack of essential security functionality and the potentially overwhelming opportunities for exploitation.

The IoT is only in its infancy and […]

By |January 23rd, 2017|Blog|Comments Off on IoT Security Nightmares
  • Permalink Gallery

    Why it is Important for Companies to Invest in Cybersecurity Awareness Training

Why it is Important for Companies to Invest in Cybersecurity Awareness Training

Technology is only as effective as the people that operate it.

Cybersecurity awareness training is the most cost effective investment any organization can make in preventing data breaches, system compromise, reputational damage, and loss of intellectual property.

No one is born knowing how to use computers and networks securely. There are basic dos and don’ts […]

By |January 17th, 2017|Blog, Security Breach|Comments Off on Why it is Important for Companies to Invest in Cybersecurity Awareness Training